Performance Analysis of Network Intrusion Detection Using T-Pot Honeypots
DOI:
https://doi.org/10.24191/jcrinn.v9i2.477
Keywords:
honeypot, performance analysis, network intrusion, t-pot
Abstract
Honeypots have become invaluable tools in the field of cybersecurity, allowing researchers to gain insights into attacker behaviour, collect data on malicious activities, and develop effective defence strategies. Traditionally, honeypots relied on rule-based approaches or signature-based detection to identify and categorise attacks. However, with the growing complexity and diversity of cyber threats, these methods often struggle to keep pace with evolving attack techniques. Modern honeypots, such as T-Pot, have become multi-faceted systems that provide researchers with a wealth of data. They could emulate different vulnerabilities and services, thus attracting a wide array of cyberattacks. This ability to simulate real-world systems and networks allowed for a detailed analysis of attack methodologies and helped to understand the evolving nature of cyber threats. As attacks became more sophisticated, so did the strategies to combat them. This included understanding the landscape of cyber threats, anticipating potential vulnerabilities, and staying ahead of the attackers. Thus, this project aims to implement a complex honeypot system with capabilities to detect and prevent cyberattacks. The project will involve designing the honeypot infrastructure, collecting data on attacks, integrating the model into the honeypot system for real-time analysis, generating reports and alerts based on the analysis, and continuously improving the system's defences. The tests revealed that honeypots can perform real cyberattacks, as well as detect and warn about threats. This project used Nmap, Hydra, and Hping3 to pretend to be attackers and show that the honeypot could fake network resources and attract them, which makes it a smart network intrusion detection system. There was a lot of experimental data on how well the honeypot could find things. Each test checked how well the honeypot could find threats on the network. 
In conclusion, these tests proved that the honeypot's methods for finding threats are correct, which means it can indeed find network breaches.
License
Copyright (c) 2024 Mohd Faris Mohd Fuzi, Muhammad Fahimuddin Mazlan, Muhammad Nabil Fikri Jamaluddin, Iman Hazwam Abd Halim (Author)
This work is licensed under a Creative Commons Attribution 4.0 International License.